FBI Warns US Companies about Iranian Hackers

Iranian hackers have searched cybercriminal websites for sensitive data stolen from American and foreign organizations that could be useful in future efforts to hack those organizations, said the FBI. (Getty Images)

Iranian hackers have searched cybercriminal websites for sensitive data stolen from American and foreign organizations that could be useful in future efforts to hack those organizations, the FBI said in an advisory sent to US companies and obtained by CNN.

The Iranian hackers have taken an interest in dark-web forums, where scammers leak information on their victims such as stolen emails and network configurations, according to the November 8 advisory. The FBI is concerned that the Iranian hacking group could use that information to plot ways into US corporate networks in the future.

Organizations at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary, said Bleeping Computer, a cybersecurity news outlet, which was the first to report on the FBI analysis.

"Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims' networks."

It is unclear which Iranian hacking group is behind the activity. The FBI did not identify the hackers by name or say if they are linked to the Iranian government.

Adam Meyers, senior vice president of intelligence at security firm CrowdStrike, told CNN that Iranian government-linked hackers have increasingly dabbled in cybercriminal activity, such as ransomware, as a means of blurring the lines between state and non-state cyber operations.

"It is well within (Iranian groups') modus operandi to purchase access to networks held by a criminal group if it serves their interests," he added.

An unnamed Iranian hacking group used similar tools to steal voter registration data from state election sites between September and October 2020, according to Bleeping Computer.

"That voter info was later used to impersonate the far-right Proud Boys organization and send threatening emails to Democratic voters warning that they must vote for Trump or face the consequences."

"The FBI's Cyber Division also warned in a private industry notification issued last week that ransomware gangs have compromised the networks of several tribal-owned casinos, taking down their servers and disabling connected systems."

"The same week, the federal agency also alerted the public that criminals are increasingly using cryptocurrency ATMs and QR codes for fraud, making it harder for law enforcement to recover the victims' financial losses."



Aviation Experts: Russia's Air Defense Fire Likely Caused Azerbaijan Plane Crash

In this photo taken from a video released by the administration of Mangystau region, a part of Azerbaijan Airlines' Embraer 190 lies on the ground near the airport of Aktau, Kazakhstan, on Thursday, Dec. 26, 2024. (The Administration of Mangystau Region via AP)

Aviation experts said Thursday that Russian air defense fire was likely responsible for the Azerbaijani plane crash the day before that killed 38 people and left all 29 survivors injured.
Azerbaijan Airlines' Embraer 190 was en route from Azerbaijan's capital of Baku to the Russian city of Grozny in the North Caucasus on Wednesday when it was diverted for reasons still unclear and crashed while making an attempt to land in Aktau in Kazakhstan after flying east across the Caspian Sea.
The plane went down about 3 kilometers (around 2 miles) from Aktau. Cellphone footage circulating online appeared to show the aircraft making a steep descent before smashing into the ground and exploding in a fireball.
Other footage showed part of its fuselage ripped away from the wings and the rest of the aircraft lying upside down in the grass.
Azerbaijan mourned the crash victims with national flags at half-staff across the country on Thursday. Traffic stopped at noon, and signals sounded from ships and trains as it observed a nationwide moment of silence.
Speaking at a news conference Wednesday, Azerbaijani President Ilham Aliyev said that it was too soon to speculate on the reasons behind the crash, but said that the weather had forced the plane to change from its planned course.
“The information provided to me is that the plane changed its course between Baku and Grozny due to worsening weather conditions and headed to Aktau airport, where it crashed upon landing,” The Associated Press quoted him as saying.
Russia’s civil aviation authority, Rosaviatsia, said that preliminary information indicated that the pilots diverted to Aktau after a bird strike led to an emergency on board.
As the official crash investigation started, some experts alleged that holes seen in the plane’s tail section could indicate that it came under fire from Russian air defense systems fending off a Ukrainian drone attack.
Ukrainian drones had previously attacked Grozny, the provincial capital of the Russian republic of Chechnya, and other regions in the country’s North Caucasus. An official in Chechnya said another drone attack on the region was fended off on Wednesday, although federal authorities didn't report it.
Mark Zee of OPSGroup, which monitors the world’s airspace and airports for risks, said that the analysis of the images of fragments of the crashed plane indicates that it was almost certainly hit by a surface-to-air missile, or SAM.
“Much more to investigate, but at high level we'd put the probability of it being a SAM attack on the aircraft at being well into the 90-99% bracket,” he said.
Osprey Flight Solutions, an aviation security firm based in the United Kingdom, warned its clients that the “Azerbaijan Airlines flight was likely shot down by a Russian military air-defense system.” Osprey provides analysis for carriers still flying into Russia after Western airlines halted their flights during the war.
Osprey CEO Andrew Nicholson said that the company had issued more than 200 alerts regarding drone attacks and air defense systems in Russia during the war.
“This incident is a stark reminder of why we do what we do,” Nicholson wrote online. “It is painful to know that despite our efforts, lives were lost in a way that could have been avoided.”
Yan Matveyev, an independent Russian military expert, noted that images of the crashed plane's tail reveal damage compatible with shrapnel from a small surface-to-air missile, such as one fired by the Pantsyr-S1 air defense system.
“It looks like the tail section of the plane was damaged by some missile fragments,” he said.
Matveyev added that it remains unclear why the pilots decided to fly hundreds of miles east across the Caspian Sea instead of trying to land at a closer airport in Russia after the plane was hit.
“Perhaps some of the plane's systems kept working for some time and the crew believed that they could make it and land normally,” Matveyev said, adding that the crew could also have faced restrictions on landing at another venue in Russia.
Caliber, an Azerbaijani news website with good government connections, also claimed that the airliner was fired upon by a Russian Pantsyr-S air defense system as it was approaching Grozny. It questioned why Russian authorities failed to close the airport despite the apparent drone raid in the area. Khamzat Kadyrov, head of Chechnya's Security Council, said that air defenses downed drones attacking the region on Wednesday.
Caliber also wondered why Russian authorities didn't allow the plane to make an emergency landing in Grozny or other Russian airports nearby after it was hit.
Asked about the claims that the plane had been fired upon by air defense assets, Kremlin spokesman Dmitry Peskov told reporters that “it would be wrong to make hypotheses before investigators make their verdict.”
Kazakhstan’s parliamentary speaker, Maulen Ashimbayev, also warned against rushing to conclusions based on pictures of the plane’s fragments, describing the allegations of air defense fire as unfounded and unethical.
Other officials in Kazakhstan and Azerbaijan have similarly avoided comment on a possible cause of the crash, saying it will be up to investigators to determine it.
According to Kazakh officials, those aboard the plane included 42 Azerbaijani citizens, 16 Russian nationals, six Kazakhs and three Kyrgyzstan nationals. Russia’s Emergencies Ministry on Thursday flew nine Russian survivors to Moscow for treatment.